Select Supported Platforms

Select Supported Architectures

Select Tier

Github Name


README
Asset Definition
Release Notes
Release Assets

sensu-dynamic-check-plugin

Sensu Bonsai Asset
Go Test
goreleaser

Table of Contents

Overview

The sensu-dynamic-check-plugin is a Sensu Mutator that parse labels from sensu events and creates a dynamic check in Sensu Backend and add event.check.annotation io.sensu.remediation.config.actions with these values then it can be scheduled by sensu-remediation-handler

Usage

Sensu Dynamic Check Mutator creates sensu check based on template

Usage:
  sensu-dynamic-check-mutator [flags]
  sensu-dynamic-check-mutator [command]

Available Commands:
  help        Help about any command
  version     Print the version number of this plugin

Flags:
  -B, --api-backend-host string                  Sensu Go Backend API Host (e.g. 'sensu-backend.example.com') (default "127.0.0.1")
  -k, --api-backend-key string                   Sensu Go Backend API Key
  -P, --api-backend-pass string                  Sensu Go Backend API Password (default "P@ssw0rd!")
  -p, --api-backend-port int                     Sensu Go Backend API Port (e.g. 4242) (default 8080)
  -u, --api-backend-user string                  Sensu Go Backend API User (default "admin")
  -c, --check-config string                      Json template for Sensu Check
      --command-arguments-template string        Template for Sensu Check Command (default "{{ range $key, $value := . }} {{ $key }} {{ $value }}{{ end }}")
      --command-bool-arguments-template string   Template for Sensu Check Command (default "{{ range $value := . }} {{ $value }}{{ end }}")
      --command-handler string                   Handler used to post the result (default "default")
      --default-check-suffix-name string         Default suffix name for unpublished checks (default "dynamic")
  -h, --help                                     help for sensu-dynamic-check-mutator
  -i, --insecure-skip-verify                     skip TLS certificate verification (not recommended!)
  -s, --secure                                   Use TLS connection to API
  -t, --trusted-ca-file string                   TLS CA certificate bundle in PEM format

Use "sensu-dynamic-check-mutator [command] --help" for more information about a command.

Configuration

We add a json inside --check-config:

[
  {
    "name": "describe-resource",
    "command": "${{assetPath \"kubectl\"}}/kubernetes/client/bin/kubectl describe",
    "bool_args": [
      "--no-headers"
    ],
    "arguments": ["daemonset","deployment","pod","statefulset","node"],
    "options": {
        "--namespace": "namespace"
    },
    "match_labels": {
        "sensu-alertmanager-events": "owner"
    },
    "exclude_labels": {
        "alertname": "TargetDown"
    },
    "sensu_assets": [
        "kubectl"
    ]
  }
]

In these example we use one event imported by sensu-alertmanager-events and we installed kubectl using assets.

type: Asset
api_version: core/v2
metadata:
  name: kubectl
  namespace: default
spec:
  sha512:  081472833601aa4fa78e79239f67833aa4efcb4efe714426cd01d4ddf6f36fbf304ef7e1f5373bff0fdff44a845f7560165c093c108bd359b5ab4189f36b1f2f
  url: https://dl.k8s.io/v1.20.0/kubernetes-client-linux-amd64.tar.gz

And it will create one annotation like:

"io.sensu.remediation.config.actions": "[{\"request\":\"KubeDaemonSetRolloutStuck-kube-system-filebeat-describe-resource-dynamic\",\"occurrences\":[1],\"severities\":[2],\"subscriptions\":[\"entity:k8s.dev.local\"]}]"

And one check called: KubeDaemonSetRolloutStuck-kube-system-filebeat-describe-resource-dynamic with command ${{assetPath \"kubectl\"}}/kubernetes/client/bin/kubectl describe --namespace kube-system daemonset filebeat-audit.

Json details

Field What it does Example
bool_args add flags without any argument -k
arguments add label.key label.value inside command deployment ingress-nginx
match_labels If found these label.key=label.value it changed the event -
exclude_labels Use to exclude some label.key=labe.value that doenst match with your dynamic check -

Asset registration

Sensu Assets are the best way to make use of this plugin. If you're not using an asset, please
consider doing so! If you're using sensuctl 5.13 with Sensu Backend 5.13 or later, you can use the
following command to add the asset:

sensuctl asset add betorvs/sensu-dynamic-check-mutator

If you're using an earlier version of sensuctl, you can find the asset on the [Bonsai Asset Index][https://bonsai.sensu.io/assets/betorvs/sensu-dynamic-check-mutator].

Mutator definition

Maybe is important to add authetication configs -u dynamic -P ${MUTATOR_PASS} -B sensu-api.k8s.infra.ppro.com -s -t /$PATH_TO_CERTIFICATE/ca.pem

---
type: Mutator
api_version: core/v2
metadata:
  name: sensu-dynamic-check-mutator
  namespace: default
spec:
  command: >-
    sensu-dynamic-check-mutator -c "[{\"name\":\"describe-resource\",\"command\":\"\${{assetPath \\\"kubectl\\\"}}/kubernetes/client/bin/kubectl describe\",\"bool_args\":[\"--no-headers\"],\"arguments\":[\"daemonset\",\"deployment\",\"pod\",\"statefulset\",\"node\"],\"options\":{\"--namespace\":\"namespace\"},\"match_labels\":{\"sensu-alertmanager-events\":\"owner\"},\"match_labels\":{\"alertname\":\"TargetDown\"},\"sensu_assets\":[\"kubectl\"]}]"
  runtime_assets:
  - betorvs/sensu-dynamic-check-mutator

Installation from source

The preferred way of installing and deploying this plugin is to use it as an Asset. If you would
like to compile and install the plugin from source or contribute to it, download the latest version
or create an executable script from this source.

From the local path of the sensu-dynamic-check-mutator repository:

go build

Additional notes

Contributing

For more information about contributing to this plugin, see Contributing.

Are you sure you want to report this asset?

Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.

×

You must be signed in to report this asset.

Sign In with Github

Download

×

Either download the source code:

Download Source

Or download the asset definition: